Confidentiality Agreements

Employees who work with sensitive information can be both a great asset and a great risk. A person who understands the inner workings of your organization can protect sensitive information or defeat your security controls. Someone who knows your organization could make violations difficult to detect. Contractors who have access to sensitive information can be just as dangerous. How should your organization protect sensitive information from insiders? The answer is to implement a defense-in-depth strategy. Solid access controls and the principle of least privilege are both important, but neither is enough.

Some information leaks occur because of simple ignorance or carelessness. If workers don’t know that information is sensitive, they might treat it with less care. When hiring personnel, you should communicate your organization’s security policy clearly. The employee or contractor confidentiality agreement is a document that accomplishes this. Another name for this document is a non-disclosure agreement (NDA).

A confidentiality agreement is a legally binding document. By signing this document, each party agrees to keep certain types of information confidential. A confidentiality agreement is a necessary part of any relationship that involves sensitive information.

Confidentiality agreements allow organizations to disclose sensitive information to a small number of parties without concern that an information leak might cause harm. For example, these agreements allow organizations to share specifications of unreleased products to business partners. Sharing this type of information allows business partners to develop companion products before the release of original products. Most major software vendors, such as Microsoft and Apple, do this to allow their development partners to write software for new operating systems before the release date. The confidentiality agreement protects the operating system vendor by prohibiting partners from releasing information about the new product.

Another important feature of a confidentiality agreement is that it can protect patent rights. Publicly disclosing an invention can result in forfeiting any patent rights. An organization must keep information about the invention confidential until filing a patent application. Confidentiality agreements with anyone who has access to confidential information can protect your organization from a damaging public disclosure.

A confidentiality agreement defines the types of information parties can and cannot disclose. A confidentiality agreement also specifies how parties may use confidential information. The agreement defines expected behavior and the consequences of violating the agreement. A well-written confidentiality agreement lowers the risk of disclosing confidential information.